NCU Institutional Repository - downloads of theses and dissertations, past exam papers, journal articles, research projects and more: Item 987654321/86592


    Please use this identifier to cite or link to this item: http://ir.lib.ncu.edu.tw/handle/987654321/86592


    Title: Gray software reputation research on endpoint privilege management - A case study in C corporation
    Authors: 王國同;Wang, Kuo-Tung
    Contributors: Executive Master Program, Department of Information Management
    Keywords: Endpoint Privilege Management;Software Reputation;Information Security;ELK Stack
    Date: 2021-07-27
    Issue Date: 2021-12-07 13:00:33 (UTC+8)
    Publisher: National Central University
    Abstract: According to enterprise security surveys by domestic IT media, malware and ransomware threats have ranked among the top five enterprise risks in the past two years. To guard against them, medium and large enterprises adopt commercial Endpoint Privilege Management (EPM) solutions to control software and privileges on end-user computers. EPM grants client software appropriate execution permissions and allows clients to run only software the enterprise trusts. It protects endpoints through privilege control and software control, and also provides reports that meet audit and regulatory requirements.
    EPM's software control depends on system administrators classifying software. When an administrator cannot determine the reputation of a piece of software, it is classified as gray-list software (gray software). This research takes the case company's EPM system as its subject and integrates EPM with the ELK Stack (Elasticsearch, Logstash, Kibana) and external IP address reputation lists to design a practical system that automatically determines the reputation of existing gray software. The system assists administrators in using EPM, lowers system maintenance cost and speeds up the response to security incidents. The experimental method ran at the case company from January to April 2021 on about 2000 computers. It matched 398,642 outbound connections made by gray software in real time, of which 71 were connections to IP addresses with a bad reputation. Assuming that checking one connection takes 5 minutes, the design saves somewhat over thirty thousand hours of checking time.
    Appears in Collections:[Executive Master of Information Management] Electronic Thesis & Dissertation
